Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IMG001.exe , IMG003.exe virus, how to remove it?

Started by habesha , Feb 03 2016 03:56 AM
malware win-32 img003.exe img001.exe администратор auto startup virus

  • Please log in to reply

#1
habesha
Posted 03 February 2016 - 03:56 AM

habesha

    New Member

  • Member
  • Pip
  • 1 posts
Am a network admin at an organization and before i knew it, all the computer are inffected with this virus which populates/auto-start it self, the directories are "C:\...\IMG001.exe",and C:\...\IMG003.exe" are the files which makes the computer busy as the anti-virus tries to block it. I have this issue for the last thre days and i have been trying to fix it but no anti-virus can delete it, AVG and AVAST premire are some of the tools i used to fix the problem. Am really woried since am not wure what will happen next, and browsing on the net i have seen that this is some kind of hackes tool, am not sure how i can solve the issue, some one help, please.
 
Thanks in advance for your time to read and reply.
 
Here is the saved message from the text box, Shortcut, Addition, and FRST. also i have attached it.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Administrator (administrator) on DESKTOP (03-02-2016 12:15:34)
Running from C:\Users\administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & admin)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.4.4\WsAppService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\Unhackme.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\reanimator.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\reanimator.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [3 2015-11-16] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-02-02] (AVAST Software)
HKLM-x32\...\runonceex: [Flags] => 128
HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\Run: [] => 0
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\ProgramData\caMyciloP\SunEco.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-02] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\csruzfnoasaw.dll No File
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\csruzfnoasaw.dll No File
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMG003.exe [2016-02-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IMG001.exe [2016-02-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\trzE8CA.tmp [2016-02-02] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzFD81.tmp [2016-01-29] ()
BootExecute: autocheck autochk * PartizanaswBoot.exe /M:d1db4dd7 /wow /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1494889691-692003638-653252256-500] => http=127.0.0.1:7070;https=127.0.0.1:7070
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.50.20 10.0.50.1
Tcpip\..\Interfaces\{6b61dd6f-a92c-43ce-96ed-13e727e68dc0}: [NameServer] 208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{6b61dd6f-a92c-43ce-96ed-13e727e68dc0}: [DhcpNameServer] 10.0.50.20 10.0.50.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1447116458&z=05dc53dfd99b0ef39a8701agczaz4magfgfq8zcw6b&from=amt&uid=st500dm002-1bd142_z3t1dzj1xxxxz3t1dzj1&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1447116458&z=05dc53dfd99b0ef39a8701agczaz4magfgfq8zcw6b&from=amt&uid=st500dm002-1bd142_z3t1dzj1xxxxz3t1dzj1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1447116458&z=05dc53dfd99b0ef39a8701agczaz4magfgfq8zcw6b&from=amt&uid=st500dm002-1bd142_z3t1dzj1xxxxz3t1dzj1&q={searchTerms}
HKU\S-1-5-21-1494889691-692003638-653252256-500\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1O2UG-AHkz9L_6JLDGl3QHWE_YncMUuZdb9n4qnnjLSSsQq-B09yJmK2glZrRpUdf5TA4GPxMy8D99Kf6VXVMm8_1cMrDx6EvoTUDA7JWBjjC4UPkP92AgaIQlw07TNnvvkbreQu-vaOyHetmzk5L4UFm757Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1494889691-692003638-653252256-500 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrrSIp6Q_F_qNNzE_IAXOeC5kU8r2IH2g-mGX-Aq138T3F7uJIQ6ne-8DgU-EbZVJz2AKj3906UAWgsqICrlgQ8BCMX1-A8A7e-IlACF2BM9UytwL_K2h-KVsuYyWv4aBRCUxiSO8oxXfFHzgGVCgnaCHUw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1494889691-692003638-653252256-500 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrrSIp6Q_F_qNNzE_IAXOeC5kU8r2IH2g-mGX-Aq138T3F7uJIQ6ne-8DgU-EbZVJz2AKj3906UAWgsqICrlgQ8BCMX1-A8A7e-IlACF2BM9UytwL_K2h-KVsuYyWv4aBRCUxiSO8oxXfFHzgGVCgnaCHUw,,&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-10-07] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-02] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-02-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-02-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-02]
 
Chrome: 
=======
CHR Profile: C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-24]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-09]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2013-11-21] (Apache Software Foundation) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2015-12-11] (Autodesk)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-02-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-02-02] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-12-12] (Microsoft Corporation)
R2 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S4 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [10966528 2014-01-14] () [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
S4 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
S4 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.4.4\WsAppService.exe [382464 2015-11-19] (Wondershare) [File not signed]
S2 MobogenieService; C:\Program Files (x86)\Mobogenie3\MobogenieService.exe [X]
S2 rsEngineSvc; no ImagePath
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-02-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2016-02-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-02-02] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2016-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-02-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-02-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-02-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-02-02] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [488736 2015-12-08] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-11] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-12] (REALiX™)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-22] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-11-23] ()
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-02-02] (Greatis Software)
R1 rsktdi; C:\Windows\system32\drivers\rsktdi.sys [23704 2015-08-20] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [84672 2015-09-06] (Beijing Rising Information Technology Co., Ltd.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2015-09-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119168 2015-08-27] (Beijing Rising Information Technology Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-08-13] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-11-17] (wisecleaner.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-03 12:16 - 2016-01-29 12:37 - 03844176 _____ C:\Users\IMG001.exe
2016-02-03 12:15 - 2016-02-03 12:16 - 00022858 _____ C:\Users\administrator\Desktop\FRST.txt
2016-02-03 12:15 - 2016-02-03 12:15 - 00000000 ____D C:\FRST
2016-02-03 12:14 - 2016-02-03 12:14 - 02370560 _____ (Farbar) C:\Users\administrator\Downloads\FRST64.exe
2016-02-03 12:14 - 2016-02-03 12:14 - 02370560 _____ (Farbar) C:\Users\administrator\Desktop\FRST64.exe
2016-02-03 12:08 - 2016-02-03 12:08 - 04749366 _____ C:\Users\administrator\Downloads\remove self starting exe files from your start up folder (VLD).flv
2016-02-03 12:07 - 2016-02-03 12:07 - 00925696 _____ (Prog Lite Installer ) C:\Users\administrator\Downloads\FreeShortcutRemover.exe
2016-02-03 12:07 - 2016-02-03 12:07 - 00339360 _____ C:\Users\administrator\Downloads\Virus_Remover.zip
2016-02-03 12:03 - 2016-02-03 12:03 - 00002791 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-02-03 11:51 - 2016-02-03 12:03 - 00000000 ____D C:\Users\administrator\AppData\Roaming\BitTorrent
2016-02-03 11:50 - 2016-02-03 11:50 - 00014685 _____ C:\Users\administrator\Downloads\[kat.cr]vikings.season.1.complete.480p.hdtv.x264.vector.torrent
2016-02-03 08:50 - 2016-02-03 08:51 - 17418226 _____ C:\Users\administrator\Desktop\unhackme.zip
2016-02-03 08:17 - 2016-02-03 08:19 - 00000000 ____D C:\Users\administrator\AppData\Roaming\TeraCopy
2016-02-03 08:15 - 2016-02-03 08:15 - 00000000 ____D C:\Users\administrator\AppData\Roaming\IObit
2016-02-03 00:32 - 2016-02-03 00:32 - 00000000 ____D C:\Users\administrator\AppData\Roaming\ProductData
2016-02-02 13:48 - 2016-02-02 13:48 - 00000000 ____D C:\Users\administrator\AppData\Roaming\AVG
2016-02-02 13:47 - 2016-02-03 08:55 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Adobe
2016-02-02 13:47 - 2016-02-02 13:47 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Macromedia
2016-02-02 13:38 - 2016-02-03 12:09 - 00000000 ____D C:\Users\administrator\AppData\Roaming\vlc
2016-02-02 13:27 - 2016-02-02 13:27 - 10213219 _____ (Asoftech ) C:\Users\administrator\Downloads\video-converter.exe
2016-02-02 13:27 - 2016-02-02 13:27 - 00000840 _____ C:\Users\Public\Desktop\Asoftech Data Recovery.lnk
2016-02-02 13:27 - 2016-02-02 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asoftech Data Recovery
2016-02-02 13:26 - 2016-02-02 13:26 - 04328880 _____ (Asoftech ) C:\Users\administrator\Downloads\adr.exe
2016-02-02 13:25 - 2016-02-02 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-02 13:25 - 2016-02-02 13:29 - 00000000 ____D C:\Users\administrator\AppData\Roaming\asoftech
2016-02-02 13:25 - 2016-02-02 13:29 - 00000000 ____D C:\Program Files (x86)\Asoftech
2016-02-02 13:23 - 2016-02-02 13:24 - 04311560 _____ (Asoftech Photo Recovery ) C:\Users\administrator\Downloads\apr.exe
2016-02-02 12:17 - 2016-02-03 08:46 - 00000473 _____ C:\Users\administrator\Desktop\DNS.txt
2016-02-02 12:13 - 2016-02-02 12:13 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2016-02-02 12:02 - 2016-02-03 12:12 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-02-02 12:02 - 2016-02-03 12:06 - 00003414 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2016-02-02 12:02 - 2016-02-03 12:06 - 00001072 _____ C:\Users\administrator\Desktop\UnHackMe.lnk
2016-02-02 12:02 - 2016-02-03 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-02-02 12:02 - 2016-02-03 12:06 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-02-02 12:02 - 2015-12-15 12:26 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2016-02-02 12:02 - 2015-09-17 13:47 - 00047920 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2016-02-02 11:24 - 2016-02-02 11:24 - 00000000 ____D C:\Program Files\Reason
2016-02-02 11:22 - 2016-02-02 11:23 - 03855576 _____ (Reason Software Company Inc.) C:\Users\administrator\Downloads\reason-core-security-setup_1.1.1.0.exe
2016-02-02 09:41 - 2016-02-02 09:41 - 00003146 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1454395245
2016-02-02 09:41 - 2016-02-02 09:41 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2016-02-02 09:41 - 2016-02-02 09:41 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-02 09:39 - 2016-02-02 09:46 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-02 09:38 - 2016-02-02 09:39 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-02-02 09:38 - 2016-02-02 09:39 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-02-02 09:38 - 2016-02-02 09:39 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-02 09:38 - 2016-02-02 09:38 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-02 09:38 - 2016-02-02 09:38 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-02 09:38 - 2016-02-02 09:37 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-02-02 09:37 - 2016-02-02 09:37 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2016-02-02 09:36 - 2016-02-02 09:36 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\gkajurwx.sys
2016-02-01 11:41 - 2016-02-01 11:41 - 00000000 ____D C:\àäìèíèñòðàòîð
2016-02-01 11:37 - 2016-02-01 11:37 - 00000000 ____D C:\admin
2016-02-01 11:36 - 2016-02-01 11:36 - 00000000 ____D C:\1
2016-02-01 11:35 - 2016-02-01 11:41 - 00000000 ____D C:\Documents and Settings
2016-02-01 11:35 - 2016-02-01 11:35 - 00000000 ____D C:\administrator
2016-02-01 09:40 - 2016-02-01 09:51 - 00000000 ____D C:\Users\administrator\AppData\Local\ROX Player
2016-02-01 09:40 - 2016-02-01 09:40 - 00001209 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROX Player.lnk
2016-02-01 09:40 - 2016-02-01 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROX Player
2016-02-01 09:39 - 2016-02-01 09:39 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-02-01 09:16 - 2016-02-01 11:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\zqknrxel.sys
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\vsvjhesi.sys
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aqaaeear.sys
2016-01-31 05:52 - 2016-01-31 05:48 - 01229312 _____ C:\Users\administrator\Downloads\install-roxplayer.msi
2016-01-30 18:26 - 2016-01-30 18:26 - 00098304 _____ (Hewlett-Packard Company) C:\Users\administrator\Downloads\HPUSBDisk.exe
2016-01-30 18:23 - 2016-01-30 18:23 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RARBG Player
2016-01-30 18:18 - 2016-01-30 18:20 - 96154592 _____ (Torch Media, Inc) C:\Users\administrator\Downloads\TorchSetupFull-r0-n-bf.exe
2016-01-30 18:04 - 2016-01-30 18:05 - 56873887 _____ C:\Users\administrator\Downloads\Shaun the Sheep - ChampionSheeps [20 MINUTE COMPILATION] (VLD).flv
2016-01-30 18:00 - 2016-01-30 18:02 - 89940059 _____ C:\Users\administrator\Downloads\Shaun the Sheep Full episodes English Episode Compilation 2 (VLD).flv
2016-01-30 17:59 - 2016-01-30 18:00 - 23130023 _____ C:\Users\administrator\Downloads\Sheep In The Island 1 [HD] (VLD).flv
2016-01-30 17:58 - 2016-01-30 17:58 - 02424101 _____ C:\Users\administrator\Downloads\Funny!!! Lion King Song!!! ( The lion sleeps tonight) (LD).mp4
2016-01-30 17:47 - 2016-01-30 17:47 - 00000042 _____ C:\WINDOWS\SysWOW64\AK083E209605E394C.lie
2016-01-30 17:46 - 2016-01-30 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
2016-01-30 16:35 - 2016-01-30 16:36 - 00162676 _____ C:\Users\administrator\Documents\cc_20160130_163548.reg
2016-01-30 14:06 - 2016-02-01 09:16 - 00000000 ____D C:\Users\1
2016-01-30 14:05 - 2016-02-01 09:16 - 00000000 ____D C:\Users\àäìèíèñòðàòîð
2016-01-30 14:04 - 2016-01-30 14:04 - 00000000 ___HD C:\$AVG
2016-01-30 13:52 - 2016-01-30 13:52 - 00003062 _____ C:\WINDOWS\System32\Tasks\0615piUpdateInfo
2016-01-30 13:52 - 2016-01-30 13:52 - 00000000 ____D C:\ProgramData\Avg_Update_0615pi
2016-01-30 13:50 - 2016-01-30 13:50 - 00000000 ____D C:\Users\Documents and Settings\àäìèíèñòðàòîð
2016-01-30 13:37 - 2016-01-30 13:37 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-01-30 13:37 - 2016-01-30 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-30 13:31 - 2016-02-03 08:52 - 00000000 ____D C:\ProgramData\MFAData
2016-01-30 13:31 - 2016-01-30 13:31 - 00000000 ____D C:\Users\administrator\AppData\Local\MFAData
2016-01-30 13:30 - 2016-02-01 09:13 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-30 13:30 - 2016-01-30 13:35 - 00000000 ____D C:\ProgramData\Avg
2016-01-30 13:29 - 2016-01-30 13:41 - 00000000 ____D C:\Users\administrator\AppData\Local\Avg
2016-01-30 13:29 - 2016-01-30 13:30 - 00000000 ____D C:\Users\administrator\AppData\Local\AvgSetupLog
2016-01-30 12:29 - 2016-01-30 12:29 - 00000000 ____D C:\Users\Documents and Settings\1
2016-01-30 11:24 - 2016-02-03 11:45 - 00000248 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2016-01-30 11:13 - 2016-02-03 12:11 - 00000000 ____D C:\ProgramData\RegRun
2016-01-30 11:06 - 2016-02-03 12:12 - 00000000 ____D C:\Users\administrator\Documents\RegRun2
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2016-01-30 11:05 - 2016-02-02 11:32 - 00000000 ____D C:\Users\administrator\Downloads\unhackme
2016-01-30 11:03 - 2016-01-30 11:04 - 17418226 _____ C:\Users\administrator\Downloads\unhackme.zip
2016-01-30 10:47 - 2016-01-30 11:24 - 00000000 ____D C:\Users\administrator\AppData\Local\TORCH.del
2016-01-29 18:49 - 2016-01-29 18:49 - 00000000 ____D C:\Users\administrator\Desktop\Bluetooth
2016-01-29 18:30 - 2016-01-30 10:31 - 00000000 ____D C:\Users\administrator\Desktop\recommendation
2016-01-27 19:58 - 2016-01-27 19:58 - 00000000 ____D C:\Users\Documents and Settings\admin
2016-01-27 19:25 - 2016-01-27 19:25 - 00000000 ____D C:\Users\Documents and Settings\administrator
2016-01-27 16:16 - 2016-02-01 09:16 - 00000000 ____D C:\Users\Documents and Settings
2016-01-27 16:14 - 2016-02-01 09:16 - 00000000 ____D C:\Users\ProgramData
2016-01-27 10:36 - 2016-01-27 17:36 - 00000000 ____D C:\Users\administrator\Documents\tsunami
2016-01-26 17:54 - 2016-01-30 12:31 - 00000000 ____D C:\QUARANTINE
2016-01-25 12:20 - 2016-02-01 11:01 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-01-25 12:20 - 2016-01-25 12:19 - 00118416 _____ (McAfee, Inc.) C:\WINDOWS\system32\MfeOtlkAddin.dll
2016-01-25 12:20 - 2016-01-25 12:19 - 00090576 _____ (McAfee, Inc.) C:\WINDOWS\SysWOW64\MfeOtlkAddin.dll
2016-01-25 12:20 - 2016-01-25 12:19 - 00024168 _____ (McAfee, Inc.) C:\WINDOWS\SysWOW64\MFEOtlk.dll
2016-01-25 12:18 - 2016-01-30 13:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-25 10:58 - 2016-01-25 10:58 - 00000000 ____D C:\Users\administrator\AppData\Local\AviraResume
2016-01-23 15:33 - 2016-01-23 15:33 - 00000000 ____D C:\Users\administrator\AppData\Roaming\AVAST Software
2016-01-23 15:28 - 2016-02-02 09:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-23 15:28 - 2016-01-23 15:21 - 03451936 ____N (Avast Software s.r.o.) C:\Users\Public\Documents\aswOfferTool.exe
2016-01-23 08:54 - 2016-01-30 11:28 - 00000000 ____D C:\Users\administrator\AppData\LocalLow\uTorrent
2016-01-14 10:28 - 2016-01-14 10:28 - 00001742 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-01-14 10:28 - 2016-01-14 10:28 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-01-14 10:24 - 2016-01-14 10:26 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-01-13 09:56 - 2016-02-03 08:28 - 00000000 ____D C:\Users\administrator\Desktop\indonesia-bali
2016-01-12 08:32 - 2016-01-19 22:14 - 00000000 ____D C:\Users\administrator\Desktop\card tricks
2016-01-11 12:10 - 2016-01-11 12:13 - 00000000 ____D C:\Users\administrator\AppData\Local\ashampoo
2016-01-11 12:10 - 2016-01-11 12:10 - 00001902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
2016-01-11 12:10 - 2016-01-11 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-01-11 12:09 - 2016-01-11 12:09 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-01-09 09:18 - 2016-01-09 09:18 - 00000136 _____ C:\Users\administrator\Documents\unhide.zip
2016-01-05 10:25 - 2016-02-01 09:51 - 00000000 ____D C:\Users\administrator\Desktop\x-mas
2016-01-04 14:16 - 2016-01-04 14:16 - 00002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2016-01-04 14:16 - 2014-05-19 13:26 - 00029704 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalmon9.dll
2016-01-04 14:16 - 2014-05-19 13:26 - 00017928 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalui9.dll
2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\ProgramData\Nitro
2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\Program Files\Nitro
2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\Program Files\Common Files\Nitro
2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\Program Files (x86)\Nitro
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-03 12:03 - 2015-12-04 15:47 - 00002791 _____ C:\Users\administrator\Desktop\BitTorrent.lnk
2016-02-03 11:49 - 2015-03-04 02:42 - 00000000 ____D C:\Users\administrator\Downloads\voucher printed
2016-02-03 11:47 - 2015-09-22 16:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-03 11:46 - 2015-10-15 09:36 - 00000000 ____D C:\ProgramData\VMware
2016-02-03 11:45 - 2015-12-11 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-03 11:45 - 2015-09-22 10:35 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-02-03 11:44 - 2015-10-30 09:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-03 11:43 - 2015-09-22 11:26 - 00000000 ____D C:\Users\administrator\Documents\Outlook Files
2016-02-03 11:23 - 2015-10-14 02:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-03 08:26 - 2015-09-22 11:06 - 00002278 ____H C:\Users\administrator\Documents\Default.rdp
2016-02-03 08:10 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-03 08:10 - 2015-10-09 04:06 - 00000000 ____D C:\Users\administrator\AppData\Local\ElevatedDiagnostics
2016-02-03 08:09 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-02 13:47 - 2015-11-20 08:18 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Maxthon3
2016-02-02 13:35 - 2015-09-22 10:39 - 00000000 ____D C:\Users\administrator\Desktop\short cutz
2016-02-02 13:31 - 2015-11-20 10:33 - 00000304 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2016-02-02 12:44 - 2015-12-11 20:54 - 00980448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-02 12:44 - 2015-10-30 10:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-02 12:14 - 2015-10-07 04:47 - 00000000 ____D C:\Program Files\Common Files\qkpcv1f1
2016-02-02 11:55 - 2015-11-13 02:54 - 00000000 ____D C:\Users\administrator\Downloads\system tools
2016-02-02 11:55 - 2015-10-07 03:47 - 00000000 ____D C:\ProgramData\IObit
2016-02-02 10:07 - 2015-10-30 10:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-02 09:38 - 2015-10-07 08:46 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-02 07:16 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-01 20:50 - 2015-10-30 09:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-01 12:15 - 2015-10-14 02:59 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-01 11:37 - 2015-10-30 10:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-01 11:37 - 2015-10-07 03:46 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-01 09:50 - 2015-12-04 15:47 - 00000000 ____D C:\Users\administrator\AppData\LocalLow\BitTorrent
2016-02-01 09:16 - 2015-07-10 12:05 - 00000000 ____D C:\Users\Default.migrated
2016-01-30 18:41 - 2015-12-11 20:55 - 00000000 ____D C:\Users\administrator
2016-01-30 17:50 - 2015-12-31 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-30 17:08 - 2015-09-22 16:10 - 00000000 ____D C:\Program Files (x86)\Power Ge'ez 2010
2016-01-30 15:20 - 2015-10-12 02:57 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-01-30 13:26 - 2015-10-02 06:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-30 13:24 - 2015-10-14 02:59 - 00000000 ____D C:\ProgramData\McAfee
2016-01-30 13:09 - 2015-09-25 07:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-01-30 12:20 - 2015-11-18 06:30 - 00000000 ____D C:\ProgramData\ProductData
2016-01-30 11:24 - 2015-09-26 04:42 - 00000000 ____D C:\Program Files (x86)\MOBOGENIE3.del
2016-01-29 17:06 - 2015-11-12 03:42 - 00000000 ____D C:\Program Files\PowerDataRecovery
2016-01-29 16:49 - 2015-12-02 04:14 - 00000000 ____D C:\Program Files\KMSpico
2016-01-29 16:19 - 2015-11-09 09:44 - 00000000 ____D C:\Users\administrator\Desktop\identix
2016-01-29 15:05 - 2015-11-23 11:32 - 00000000 ____D C:\Users\administrator\Desktop\HBD
2016-01-29 12:34 - 2015-05-30 07:21 - 00000000 ____D C:\Users\administrator\Desktop\adv
2016-01-28 16:45 - 2015-05-29 04:09 - 00000000 ____D C:\Users\administrator\Desktop\proj-data
2016-01-26 20:15 - 2015-08-20 09:50 - 00000000 ____D C:\Users\administrator\Desktop\tiens
2016-01-26 18:00 - 2015-09-22 10:35 - 00000000 ____D C:\Users\administrator\AppData\Local\Packages
2016-01-25 11:56 - 2015-06-04 07:21 - 00000000 ____D C:\Users\administrator\Desktop\ssih-files
2016-01-23 15:03 - 2015-09-26 10:16 - 00000000 ____D C:\Users\administrator\Desktop\pic-
2016-01-19 23:01 - 2015-10-07 05:02 - 00000000 ____D C:\KMPlayer
2016-01-19 20:41 - 2015-11-09 12:07 - 00000000 ____D C:\Users\administrator\Desktop\Ahadu IT Solutions
2016-01-14 10:26 - 2015-10-30 10:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-14 10:24 - 2015-10-12 02:59 - 00000000 ____D C:\ProgramData\BlueStacks
2016-01-13 14:33 - 2015-10-15 09:52 - 00000000 ____D C:\Users\administrator\AppData\Local\VMware
2016-01-12 19:24 - 2015-11-13 08:52 - 00000000 ____D C:\Users\administrator\Downloads\diff tutorial
2016-01-12 17:39 - 2015-12-23 13:36 - 00000000 ____D C:\Users\administrator\Desktop\daniel 7
2016-01-04 10:39 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2015-11-16 04:26 - 2015-11-16 04:31 - 0005632 _____ () C:\Users\administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-07 02:46 - 2015-10-07 02:46 - 0000187 _____ () C:\Users\administrator\AppData\Local\Donelectronics.exe.config
2015-11-23 14:15 - 2015-12-04 12:15 - 0000700 ___SH () C:\Users\administrator\AppData\Local\systemFL7.dat
2015-10-07 08:35 - 2015-10-07 08:35 - 0000000 _____ () C:\ProgramData\inf.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-25 08:59
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Administrator (2016-02-03 12:16:43)
Running from C:\Users\administrator\Desktop
Windows 10 Pro (X64) (2015-12-11 18:50:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-767562735-1566109874-383603450-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-767562735-1566109874-383603450-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-767562735-1566109874-383603450-503 - Limited - Disabled)
Guest (S-1-5-21-767562735-1566109874-383603450-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1494889691-692003638-653252256-500\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.50.1277, 19.06.2013 - AIMP DevTeam)
Ashampoo Burning Studio 14 v.14.0.4 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.4 - Ashampoo GmbH & Co. KG)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
ezvid (HKLM-x32\...\{38C27BF3-6977-4CB1-94C4-A05A9989A137}) (Version: 0.6.18 - ezvid, inc.)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory)
Google Chrome (HKU\S-1-5-21-1494889691-692003638-653252256-500\...\Google Chrome) (Version: 25.0.1323.1 - Google Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
Iota 2.3.3 (HKLM-x32\...\{0C8A4930-B317-4012-85FF-3E116BEFB68F}_is1) (Version:  - iyesus.com)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.129 - PandoraTV)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Longman Advanced American Dictionary (HKLM-x32\...\NSIS_laad) (Version:  - )
Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.1500 - Maxthon International Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Power Ge'ez 2010 (HKLM-x32\...\Power Ge'ez 2010) (Version: 10.0.0 - cRACK  CDS Ge'ez #10)
Power Ge'ez 2010 (x32 Version: 10.0.0 - cRACK  CDS Ge'ez #10) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
ROX Player version 1.480 (HKLM-x32\...\ROX Player_is1) (Version: 1.480 - )
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
UnHackMe 7.95 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Workstation (HKLM\...\{132E3257-14F1-411A-BC6C-0CA32D3A9BC6}) (Version: 12.0.0 - VMware, Inc.)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
washra-fonts-4.1 (HKLM-x32\...\{53F31108-F08F-4F0D-9FFF-4794C00DE796}) (Version: 1.0.0 - HCCS)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Filmora(Build 6.6.0) (HKLM-x32\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C10CAA0-7900-4E4B-9AE3-9FC2C942DF4C} - System32\Tasks\{72D5B80C-855E-455A-AF34-B7A213FA2A25} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" -c /removereleaseinpatch "{90150000-012B-0409-1000-0000000FF1CE}" "{E7396A71-6BAC-4A67-8B4F-384CA2257A41}" "1033" "0"
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0E1BA573-918B-4F8A-9985-3872BE22E30D} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {2F6410E0-AE21-4902-8DF4-7D9A8AC1FFC7} - System32\Tasks\SafeZone scheduled Autoupdate 1454395245 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {33460132-7E18-496B-B4B5-6D4F052AAF07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {51EE82B7-F436-4B02-93EA-D503BF430E44} - System32\Tasks\0615piUpdateInfo => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe [2015-11-03] ()
Task: {806E3E1C-0832-4A58-A244-0F782ECE592A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9F3A30B3-4A2C-4D80-BCA3-ABC294F09A06} - System32\Tasks\{C9C215DF-5473-4004-B5A5-C7C0F73947A4} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ventodinfresh\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Ventodinfresh\uninstall.dat" -a uninstallme A0D57ECE-3060-465E-894C-92507362C854 DeviceId=188e94e0-21e6-19a1-3c26-dbe19ea3acba BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {B806DEDA-F5C4-4419-BB7D-12275A28FAC3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {C357A9B3-9702-4E4B-AE9E-A1454D5DE9DD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C3FDFA2B-254D-4B4C-849F-D343D407CC7B} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-02-03] (Greatis Software)
Task: {C8422F6E-E5A2-4B88-AD59-D2727DA65096} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-02] (AVAST Software)
Task: {CC02A91D-68EB-4FD7-A0BA-4BF4CEE7CDEA} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {D8DAE5F1-9B8D-459B-BEE6-D4145D5FC9EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-01] (Adobe Systems Incorporated)
Task: {DA1D419A-D6F8-46B6-9E98-ECFFC08E82F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EA60DD6F-88C7-479F-9E1C-2C12AD09225A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {FF33EA59-31C1-4B10-BC23-4435AE79FB23} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-08-20] (Maxthon International ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-30 04:28 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-09-25 05:45 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-12-12 07:30 - 2015-12-12 07:30 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 07:30 - 2015-12-12 07:30 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-22 16:02 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-04-15 23:13 - 2015-04-15 23:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-22 16:02 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-10-30 10:17 - 2015-10-30 10:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 10:17 - 2015-10-30 10:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-09-25 08:19 - 2014-01-14 18:54 - 10966528 _____ () C:\xampp\mysql\bin\mysqld.exe
2015-12-12 07:30 - 2015-12-12 07:30 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-12 07:30 - 2015-12-12 07:30 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-12 07:30 - 2015-12-12 07:30 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-12 07:30 - 2015-12-12 07:30 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-02 09:38 - 2016-02-02 09:38 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-02 09:38 - 2016-02-02 09:38 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-02 21:38 - 2016-02-02 21:38 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020201\algo.dll
2016-02-02 09:38 - 2016-02-02 09:38 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-09-25 08:17 - 2013-07-08 14:34 - 00114688 _____ () C:\xampp\apache\bin\pcre.dll
2015-09-25 08:19 - 2014-02-06 01:54 - 00128512 _____ () C:\xampp\php\libpq.dll
2015-08-14 14:02 - 2015-08-14 14:02 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-10-07 03:47 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-10-07 03:47 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-10-07 03:47 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-10-07 03:47 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-01-30 13:30 - 2015-04-07 16:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-02-02 09:38 - 2016-02-02 09:38 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-22 12:05 - 2014-04-18 08:15 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2015-11-20 08:18 - 2014-04-22 09:33 - 00247096 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2015-09-22 12:05 - 2014-04-18 08:15 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2015-11-20 08:18 - 2014-04-18 08:16 - 00887064 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2015-11-20 08:18 - 2014-04-18 08:16 - 00109336 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll
2015-11-20 08:18 - 2014-04-18 08:16 - 04055504 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\pdf.dll
2015-11-20 08:18 - 2014-04-18 08:16 - 02128152 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\ffmpegsumo.dll
2014-01-22 04:07 - 2014-01-22 04:07 - 08878248 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 16:58 - 2015-04-13 16:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 16:56 - 2015-04-13 16:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 16:58 - 2015-04-13 16:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00089024 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00040384 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00044992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00026048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00025536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 16:57 - 2015-04-13 16:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 17:00 - 2015-04-13 17:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1494889691-692003638-653252256-500\...\baidu.com -> hxxps://www.baidu.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 14:04 - 2015-11-12 03:48 - 00001445 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost127.0.0.1                   onhax.net
127.0.0.2                   www.onhax.net
127.0.0.2                   forum.onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   do2dear.net
127.0.0.1                   https://forum.onhax.net
127.0.0.1                   dlgratis.com
127.0.0.1                   p30world.com
127.0.0.1                   mhktricks.net
127.0.0.1                   www.mhktricks.net
127.0.0.1                   piratecity.net
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1                   oscount.techsmith.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1494889691-692003638-653252256-500\Control Panel\Desktop\\Wallpaper -> C:\Users\administrator\Desktop\indonesia-bali\Bali13.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: RsRavMon => 2
HKLM\...\StartupApproved\StartupFolder: => "Ge'ez 2010.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AdFender.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "smallbox"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "RsTurboball"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Attend Scheduler"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\StartupFolder: => "IMG003.exe"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "L09AXLRD_201312078"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "uTorrent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A1548BE6-B6D7-4AF1-AC72-8B7811D6AE73}] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [{3B134008-033A-40D2-A3F1-EA37FF7BDD16}] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [UDP Query User{5D6A81ED-47A0-4395-AE71-E73C04710F93}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [TCP Query User{6254B854-E931-435F-9651-12516CBC3DF6}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [{9F66E629-8154-4ACF-91E7-564B735A6AD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3DC4DA6-28E3-4CF3-A0C9-F629B1AB77A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A0758DE-B699-42D4-AD94-E641F9353EAD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{6A260A46-A085-4742-9808-32697B018FE1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{57E3CE3E-B9DE-4AC6-96A4-E192983BEA10}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2C3D2B2C-46F5-4E81-85CE-E16FBC4C9989}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{BF9742DC-1F2B-4792-8734-0E8C7F0C753D}] => (Allow) LPort=8080
FirewallRules: [UDP Query User{DF39FB05-565B-41EC-8AAB-6E22DEC7B10F}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{C173B7E3-9D27-4044-A99E-AD294EA3AE6F}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{DAF37F1F-9F37-41AB-8BA9-E8499A9DBA2E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{511E4C92-B9DC-4FBA-AA51-D38B946F93A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{0CC51CA7-545E-43BF-875A-185D980D0D9F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{EDD6C34D-7BE0-4339-A4D9-61D2E9FF03A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{44EC2133-F9C8-4C8D-ABA6-312DAF2D6E95}] => (Block) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{502EDB8A-F745-45F2-81E3-69CF657AF224}] => (Block) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{0305C619-1821-45AE-B02A-AFED4C0DFD8D}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [TCP Query User{68917788-A583-40CD-96A4-B001D8255A6C}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{0FDF5E74-061E-4E3B-9CFE-1B18C7FAD802}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{ABF61D39-E245-4FDE-A501-9C5E36D7640B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{2F948318-E188-4097-8673-39CA770632A6}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{D7A3DC28-6D3F-4BD7-A4ED-11F85BEBE574}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{3B7660B8-5645-4054-ACFE-9B0A37C5A8C1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{5A9B1AC0-F8EA-41E7-9054-36E0CBC4A7C5}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{705FFA7B-AA71-4500-819E-60504759ADDE}] => (Allow) LPort=12292
FirewallRules: [{47A56AC8-CDFE-4DCF-917C-8E0E6A7CF91B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{5008E752-CF1C-42CD-B5FB-D783E1AFBC7A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{C2C06F1C-6EA1-42B2-AC80-65D863FC2A36}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{4792955A-FBA7-4C50-93F8-7479B6D2AF51}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{104F71FE-9B4F-4AB8-B038-1BB266F5A588}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{CA0B55CC-3003-4AC2-8099-E4B21D65F4DB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{32EB4B43-B6F6-4CDB-BFF0-7EFCB2E8C942}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{E0069D97-A8C7-429A-95F2-515F21D5EA0D}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC0E7D15-E8D1-4205-A401-922CB761A4BB}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40769A86-181A-4556-ADFE-B399A167E94E}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{61102C00-0249-44BE-8256-0ADB0752AD53}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{490CCAC6-D23C-482B-90FF-D80F48B070B7}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91762153-0B32-4E23-B4FB-32AF8B4B1AC6}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CCFAA4A-39F6-4ACD-8387-A4AE3606941D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B3D06DEF-412A-4C4B-866C-309242F7CAAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B77709A4-D1F3-470A-85D0-69CDA4ABF582}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{267BBC79-3FA2-4403-9D05-D156A8CB73D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ABAA3F2E-88B1-4D00-AB49-6B61A090281B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79E96453-B81C-4B4C-927B-E52C202EAC94}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8DDDB064-10EA-43DD-9091-1212BFC7DB14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3594D39D-6D49-4DEB-A9EF-4C90DE70E3F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{88A9E207-0C25-4B42-B208-71EEEAED7BBB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{27CE5AC2-6AC0-445D-8BD7-60F9AA5AD46F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{83F6F84A-5B93-4B3D-B39F-8779F9C7A0DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FD02BE8D-69F5-4BC8-8481-3D849DA8A344}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A5959C36-1494-471A-AC74-5EC9B846D90A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{12BD4F6A-8731-4206-B2AC-5A980C5CFECB}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe
FirewallRules: [{768C6F8F-638C-4DF9-9C2A-6FA9F7D23C3B}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe
FirewallRules: [{9D983DE3-CF3B-4E3B-A34B-7868ACF0D76E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{515E2D0F-4C78-46D4-B25A-91C67E9FC254}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F24D1E41-6F9E-4244-A09A-B72F403AA4C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1CF1A232-22DA-4A3B-9F37-3A5BBAA6FE37}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{3DC59585-0198-4322-8570-7F2CE3BB9FA9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DBDF564D-F7AA-49D7-A904-647DB415134C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C80D11B7-C885-4D3F-80F2-E31493C64D52}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BD7F3C34-AC2C-4B38-A30A-0A0E620A41FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9968C925-DA26-4013-9150-1F21A007428D}] => (Allow) C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe
FirewallRules: [{DC56EDD2-F683-4578-86DD-6E19E79C977F}] => (Allow) C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe
FirewallRules: [{5D126417-D871-4C27-A694-F36D5E5B8C17}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{496055CA-A3BE-47D6-999B-610C3A1EA05F}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBC891D0-4B6F-474D-904C-A3B4C977FD9B}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{32641551-6ACA-424D-8666-1282FC542807}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{525365A9-9B5E-4EA2-B61C-C8A27DCDC0A3}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{767D924E-0FD9-460D-9FFE-E40D513E5DEF}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
 
==================== Restore Points =========================
 
02-02-2016 13:24:26 Installed Asoftech Photo Recovery
 
==================== Faulty Device Manager Devices =============
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SAMSUNG Mobile USB Serial Port  (COM3)
Description: SAMSUNG Mobile USB Serial Port 
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: SAMSUNG Electronics Co., Ltd. 
Service: ssudserd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: GT-S7562
Description: GT-S7562
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd. 
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/02/2016 01:24:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/02/2016 12:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f
Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6
Exception code: 0xc0000005
Fault offset: 0x000000000006bd5e
Faulting process id: 0x26f4
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5
 
Error: (02/02/2016 12:19:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f
Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6
Exception code: 0xc0000005
Fault offset: 0x000000000006bd5e
Faulting process id: 0x26f4
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5
 
Error: (02/02/2016 11:53:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f
Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6
Exception code: 0xc0000005
Fault offset: 0x000000000006bd5e
Faulting process id: 0x26f4
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5
 
Error: (02/02/2016 11:48:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSIH)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/02/2016 11:31:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f
Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6
Exception code: 0xc0000005
Fault offset: 0x000000000006bd5e
Faulting process id: 0x26f4
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5
 
Error: (02/02/2016 11:26:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f
Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6
Exception code: 0xc0000005
Fault offset: 0x000000000006bd5e
Faulting process id: 0x26f4
Faulting application start time: 0xrsUI.exe0
Faulting application path: rsUI.exe1
Faulting module path: rsUI.exe2
Report Id: rsUI.exe3
Faulting package full name: rsUI.exe4
Faulting package-relative application ID: rsUI.exe5
 
Error: (02/01/2016 11:38:37 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (02/01/2016 11:00:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (02/01/2016 08:54:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSIH)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/03/2016 11:50:13 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: 
%%193
 
Error: (02/03/2016 11:49:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program.
 
Error: (02/03/2016 11:48:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/03/2016 11:47:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/03/2016 11:46:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsAppService service failed to start due to the following error: 
%%1053
 
Error: (02/03/2016 11:46:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect.
 
Error: (02/03/2016 11:46:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdLogRotatorSvc service failed to start due to the following error: 
%%1053
 
Error: (02/03/2016 11:46:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BstHdLogRotatorSvc service to connect.
 
Error: (02/03/2016 11:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MobogenieService service failed to start due to the following error: 
%%2
 
Error: (02/03/2016 11:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rsEngineSvc service failed to start due to the following error: 
%%3
 
 
CodeIntegrity:
===================================
  Date: 2016-02-01 11:07:51.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-01 11:07:51.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-01 11:07:49.851
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-01 11:07:49.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-30 13:40:50.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-30 13:22:01.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-30 13:22:01.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-30 13:22:00.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-30 13:22:00.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-30 11:34:02.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 49%
Total physical RAM: 3977.05 MB
Available physical RAM: 2022.73 MB
Total Virtual: 6793.05 MB
Available Virtual: 3813.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.02 GB) (Free:16.43 GB) NTFS
Drive d: (win7) (Fixed) (Total:253.01 GB) (Free:60.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (External) (Fixed) (Total:186.29 GB) (Free:5.36 GB) NTFS
Drive f: (backup) (Fixed) (Total:192.08 GB) (Free:15.69 GB) NTFS
Drive i: (os-soft) (Fixed) (Total:20.62 GB) (Free:1.57 GB) NTFS
Drive y: () (Network) (Total:359.45 GB) (Free:48.47 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 18C9E6EB)
Partition 1: (Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 50F54FE5)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=186.3 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 
 
Users shortcut scan result (x64) Version:27-01-2016
Ran by Administrator (2016-02-03 12:19:07)
Running from C:\Users\administrator\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
 
 
Shortcut: C:\Users\admin\Links\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\admin\Links\Downloads.lnk -> C:\Users\administrator\Downloads ()
Shortcut: C:\Users\admin\Desktop\µTorrent.lnk -> C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman\Longman Advanced American Dictionary\Longman Advanced American Dictionary.lnk -> C:\Program Files\Longman\Longman Advanced American Dictionary\laad.exe (mozilla.org)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman\Longman Advanced American Dictionary\Uninstall.lnk -> C:\Program Files\Longman\Longman Advanced American Dictionary\uninstall.exe ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\Links\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\administrator\Links\Downloads.lnk -> C:\Users\administrator\Downloads ()
Shortcut: C:\Users\administrator\Desktop\BitTorrent.lnk -> C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\administrator\Desktop\UnHackMe.lnk -> C:\Program Files (x86)\UnHackMe\Unhackme.exe (Greatis Software)
Shortcut: C:\Users\administrator\Desktop\short cutz\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\administrator\Desktop\short cutz\Advanced SystemCare 8.lnk -> C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe (No File)
Shortcut: C:\Users\administrator\Desktop\short cutz\AIMP3.lnk -> C:\Program Files (x86)\AIMP3\AIMP3.exe (AIMP DevTeam)
Shortcut: C:\Users\administrator\Desktop\short cutz\Apps.lnk -> C:\Users\Public\Libraries\Apps.library-ms ()
Shortcut: C:\Users\administrator\Desktop\short cutz\Ashampoo Burning Studio 14.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe (Ashampoo)
Shortcut: C:\Users\administrator\Desktop\short cutz\Autodesk DWF Viewer.lnk -> C:\Program Files (x86)\Autodesk\Autodesk DWF Viewer\DWFViewer.exe (No File)
Shortcut: C:\Users\administrator\Desktop\short cutz\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\administrator\Desktop\short cutz\BlueStacks.lnk -> C:\ProgramData\BlueStacksGameManager\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\Users\administrator\Desktop\short cutz\EaseUS Partition Master 10.0.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EPMStartLoader.exe ()
Shortcut: C:\Users\administrator\Desktop\short cutz\Format Factory.lnk -> C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (No File)
Shortcut: C:\Users\administrator\Desktop\short cutz\Ge'ez 10.lnk -> C:\Program Files (x86)\Power Ge'ez 2010\pg2010.exe (Concepts Data Systems PLC)
Shortcut: C:\Users\administrator\Desktop\short cutz\Google Chrome.lnk -> C:\Users\administrator\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\administrator\Desktop\short cutz\IObit Uninstaller.lnk -> C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe (IObit)
Shortcut: C:\Users\administrator\Desktop\short cutz\Iota.lnk -> C:\Program Files (x86)\Iota\iota.exe ()
Shortcut: C:\Users\administrator\Desktop\short cutz\KMPlayer.lnk -> C:\KMPlayer\KMPlayer.exe (PandoraTV)
Shortcut: C:\Users\administrator\Desktop\short cutz\Longman Advanced American Dictionary.lnk -> C:\Program Files\Longman\Longman Advanced American Dictionary\laad.exe (mozilla.org)
Shortcut: C:\Users\administrator\Desktop\short cutz\Maxthon Cloud Browser.lnk -> C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
Shortcut: C:\Users\administrator\Desktop\short cutz\Mobogenie3.lnk -> C:\Program Files (x86)\Mobogenie3\Mobogenie.exe (No File)
Shortcut: C:\Users\administrator\Desktop\short cutz\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Users\administrator\Desktop\short cutz\Nitro Pro 9.lnk -> C:\Program Files\Nitro\Pro 9\NitroPDF.exe (Nitro PDF)
Shortcut: C:\Users\administrator\Desktop\short cutz\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\Users\administrator\Desktop\short cutz\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\administrator\Desktop\short cutz\PowerISO.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.exe (Power Software Ltd)
Shortcut: C:\Users\administrator\Desktop\short cutz\ROX Player.lnk -> C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe (PS Pay Solutions UG)
Shortcut: C:\Users\administrator\Desktop\short cutz\SMADΔV.lnk -> C:\Program Files (x86)\SMADAV\SMΔRTP.exe (No File)
Shortcut: C:\Users\administrator\Desktop\short cutz\Start BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe (BlueStack Systems, Inc.)
Shortcut: C:\Users\administrator\Desktop\short cutz\TeamViewer 10.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\administrator\Desktop\short cutz\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\administrator\Desktop\short cutz\VMware Workstation Pro.lnk -> C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc.)
Shortcut: C:\Users\administrator\Desktop\short cutz\Wondershare Filmora.lnk -> C:\Program Files (x86)\Wondershare\Filmora\Filmora.exe (Wondershare Software)
Shortcut: C:\Users\administrator\Desktop\short cutz\µTorrent.lnk -> C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\administrator\Desktop\proj-data\2015\2015 Wendo\www_wgarc_gov_et\rs\Library\Computers\Programming\Computer programming in_files\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\administrator\Desktop\proj-data\2015\2015 Wendo\www_wgarc_gov_et\Library\Computers\Programming\Computer programming in_files\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk -> C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk -> C:\ProgramData\BlueStacksGameManager\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROX Player.lnk -> C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe (PS Pay Solutions UG)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk -> C:\KMPlayer\KMPSetup.exe (hxxp://www.kmplayer.com)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk -> C:\KMPlayer\KMPlayer.exe (PandoraTV)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk -> C:\KMPlayer\uninstall.exe (PandoraTV)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall.lnk -> C:\Users\administrator\AppData\Roaming\Enigma Software Group\sh_installer.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RARBG Player\RARBG Player.lnk -> C:\Program Files (x86)\RARBG Player\RARBG Player.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RARBG Player\Uninstall.lnk -> C:\Program Files (x86)\RARBG Player\Uninstall.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\administrator\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk -> C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk -> C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk -> C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\Format Factory.lnk -> C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EaseUS Partition Master 10.0.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EPMStartLoader.exe ()
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\administrator\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobogenie3.lnk -> C:\Program Files (x86)\Mobogenie3\Mobogenie.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk -> C:\Program Files\Perfect Uninstaller\PU.exe (No File)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WampServer.lnk -> C:\wamp\wampmanager.exe (Aestan Software)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CC (64 Bit).lnk -> C:\Program Files\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KMPlayer.lnk -> C:\KMPlayer\KMPlayer.exe (PandoraTV)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk -> C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ROX Player.lnk -> C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe (PS Pay Solutions UG)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VMware Workstation Pro.lnk -> C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Maxthon Cloud Browser (2).lnk -> C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
Shortcut: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Maxthon Cloud Browser.lnk -> C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\cn.xender.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000021\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.amazon.venezia.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000002\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.bubblegalaxy.bubble4.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000019\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.facebook.katana.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000000\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.google.android.apps.photos.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000024\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.google.android.youtube.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000027\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.imo.android.imoim.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000007\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.instagram.android.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000025\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.king.candycrushsaga.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000017\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.madhead.tos.en.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000011\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.magmamobile.game.Plumber.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000003\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.magmamobile.game.SpiderSolitaire.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000004\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.mesegana.APP.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000028\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.naturalmotion.csrracing.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000023\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.plants.animals.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000009\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.rovio.angrybirds.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000016\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.skype.raider.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000026\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.supercell.hayday.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000010\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.twitter.android.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000001\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.viber.voip.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000005\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.whats.up.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000013\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.yodo1.crossyroad.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000018\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\how.old.Face.Look.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000020\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\jp.naver.line.android.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000012\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\kik.android.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000008\Launcher.vbs ()
Shortcut: C:\Users\administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\livio.pack.lang.en_US.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000029\Launcher.vbs ()
Shortcut: C:\Users\Kbekele\Links\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\Kbekele\Links\Downloads.lnk -> C:\Users\administrator\Downloads ()
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\Links\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\petros\Links\Downloads.lnk -> C:\Users\administrator\Downloads ()
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Asoftech Data Recovery.lnk -> C:\Program Files (x86)\Asoftech\Data Recovery\adr.exe (Asoftech)
Shortcut: C:\Users\Public\Desktop\AVG Protection.lnk -> C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)
Shortcut: C:\Users\wondwossen.a\Links\Desktop.lnk -> C:\Users\administrator\Desktop ()
Shortcut: C:\Users\wondwossen.a\Links\Downloads.lnk -> C:\Users\administrator\Downloads ()
Shortcut: C:\Users\wondwossen.a\Desktop\ezvid.lnk -> C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Installer\{38C27BF3-6977-4CB1-94C4-A05A9989A137}\_1D9C97E76CA87D762364BF.exe ()
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ezvid\ezvid.lnk -> C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Installer\{38C27BF3-6977-4CB1-94C4-A05A9989A137}\_05ADE8A69B8BDE6448EB59.exe ()
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ezvid\Uninstall ezvid.lnk -> C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Installer\{38C27BF3-6977-4CB1-94C4-A05A9989A137}\_EEF8485205E9EE0709C173.exe ()
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ezvid.lnk -> C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Installer\{38C27BF3-6977-4CB1-94C4-A05A9989A137}\_1D9C97E76CA87D762364BF.exe ()
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
 
 
 
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\administrator\Desktop\short cutz\Adobe Application Manager.lnk -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Systems Incorporated) -> --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
ShortcutWithArgument: C:\Users\administrator\Desktop\short cutz\Ashampoo Burning Studio 14 Compact Mode.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe (Ashampoo) -> -compact
ShortcutWithArgument: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com"
ShortcutWithArgument: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\administrator\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Kbekele\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Kbekele\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\petros\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\petros\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\petros\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\wondwossen.a\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\Users\admin\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\administrator\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\administrator\Favorites\Download IObit Freeware.url -> hxxp://www.iobit.com/
InternetURL: C:\Users\administrator\Downloads\Programs\activator\KMSpico 10.1.8.2 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]\KMSpico.10.1.8.2 FINAL [TechTools.net]\TechTools.NET.URL -> hxxp://www.techtools.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\64 Bit {X64}\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\64 Bit {X64}\Setup\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\64 Bit {X64}\Keygen\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\32 Bit {X86}\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\32 Bit {X86}\Setup\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\x-mas\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\32 Bit {X86}\Keygen\Fullstuff.net.url -> hxxp://www.fullstufff.net/
InternetURL: C:\Users\administrator\Desktop\short cutz\Your Software Deals.url -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=11113&utm_medium=desktop&x-pos=desktop
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\PSD\Apple iMac info.url -> hxxp://www.no1themes.com/2009/11/apple-imac-front-view-free-psd-template.html
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\PSD\Bubbles info.url -> hxxp://www.no1themes.com/2009/12/word-and-thought-chat-bubbles-free-psd.html
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\PSD\Color info.url -> hxxp://www.no1themes.com/2009/11/color-free-psd.html
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\PSD\More downloads.url -> hxxp://www.no1themes.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\PSD\Precious Heart info.url -> hxxp://www.no1themes.com/2009/12/precious-heart-free-psd-template.html
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\PSD\YouTube info.url -> hxxp://www.no1themes.com/2009/11/from-www_28.html
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\InDesign CC Digital Classroom - how to design eye-popping layouts for brochures, magazines, e-books, and flyers\InDesign_CC_Digital_Classroom\^ Just one Click to Get More Ebooks Mags.url -> hxxp://www.todaydownloadz.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\InDesign CC Digital Classroom - how to design eye-popping layouts for brochures, magazines, e-books, and flyers\InDesign_CC_Digital_Classroom\~Download More Stuff Here !.url -> hxxp://www.todaydownloadz.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\InDesign CC Digital Classroom - how to design eye-popping layouts for brochures, magazines, e-books, and flyers\InDesign_CC_Digital_Classroom\~Read More Ebooks and Tutorials Online.url -> hxxp://www.todaydownloadz.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\InDesign CC Digital Classroom - how to design eye-popping layouts for brochures, magazines, e-books, and flyers\InDesign_CC_Digital_Classroom\~Get Your Files Here\Get More Ebooks Here.url -> hxxp://www.todaydownloadz.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\4th July info.url -> hxxp://no1themes.com/2009/08/4-july/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Halloween Party info.url -> hxxp://no1themes.com/2009/08/halloween-party-1/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Open House info.url -> hxxp://no1themes.com/2009/08/open-house-2/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Painting Workshop info.url -> hxxp://no1themes.com/2009/08/painting-workshop/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Special Event info.url -> hxxp://no1themes.com/2009/08/special-event/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Springtime info.url -> hxxp://no1themes.com/2009/08/springtime/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Tear Off Tabs info.url -> hxxp://no1themes.com/2009/08/tear-tabs/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\8 nice flyers\Vibrant info.url -> hxxp://no1themes.com/2009/08/vibrant-2/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\20 Amazing flyer design  fonts  [ SXP ]\BLOG & PC TIPS AND TWEAKS.url -> hxxp://www.tipsxplore.blogspot.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\20 Amazing flyer design  fonts  [ SXP ]\More software.url -> hxxp://www.softxplore.blogspot.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\adv\events design\20 Amazing flyer design  fonts  [ SXP ]\More Wallpapers.url -> hxxp://www.wallpapersxplore.blogspot.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\2015\2015 WEB-\wordpress\theme2\Over 200 Great WordPress Themes\More free downloads....url -> hxxp://www.no1themes.com/
InternetURL: C:\Users\administrator\Desktop\proj-data\2015\2015 WEB-\wordpress\theme2\Over 200 Great WordPress Themes\More free wordpress downloads....url -> hxxp://www.no1themes.com/search/label/wordpress
InternetURL: C:\Users\administrator\Desktop\adv\add - photoshop\- shapes\sexy-fashion-girls\Design Freebies Heven.url -> hxxp://dezignus.com/
InternetURL: C:\Users\administrator\Desktop\adv\add - photoshop\- shapes\Adobe Photoshop CC Master Shapes folder\skeletons\FreeGrunge.url -> hxxp://vectorartbox.com/
InternetURL: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Home Page.url -> hxxp://www.kmplayer.com/forums
InternetURL: C:\Users\administrator\AppData\Local\AviraResume\en-us\weblink.url -> hxxp://www.avira.com
InternetURL: C:\Users\Kbekele\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\petros\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\wondwossen.a\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
 
==================== End of Shortcut.txt =============================
 

 

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 03 February 2016 - 07:56 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Having two Anti-viruses is counter productive so uninstall AVG.

 

You can also uninstall Advanced System Care which is only one step above malware.

 

Let's see if anyone recognizes this thing.  Submit each of the following to virustotal.com

 

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMG003.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IMG001.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\trzE8CA.tmp 
 
 
Easiest way to submit a file is to copy the path:
 
"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMG003.exe "
 
Then
Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with IMG003.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 58 different anti-virus companies.  In either case, If the Detection ratio: is not 0 / 58  or so then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 
 

 

 
 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Download aswMBR.exe 
to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
 
 

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: malware, win-32, img003.exe, img001.exe, администратор, auto startup virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP